Create a new agent in FeiShu

v1.0.1

Configure OpenClaw multi-agent routing for Feishu multi-account setups. Use when users need two or more Feishu bots (different appId/appSecret) to run on iso...

⭐ 0· 357·0 current·0 all-time

by@tinywatermonster

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md’s actions (creating agents, editing ~/.openclaw/openclaw.json, binding accounts, and configuring memory embedding providers) are coherent with the stated purpose. However the skill metadata declares no required binaries or config paths while the runtime instructions require the openclaw CLI and common tools (jq, rg/rg, mkdir, cp) and specific ~/.openclaw paths. The missing declared requirements is an inconsistency that should have been disclosed.

Instruction Scope

The instructions direct the agent/operator to read and modify local config files (~/.openclaw/openclaw.json, per-agent auth-profiles.json), to extract API keys with jq, and to write keys into agent config (memorySearch.remote.apiKey). Reading and copying local credential files is sensitive even if needed for the task. The SKILL.md warns not to echo secrets, but the procedural steps still involve extracting and re-inserting secrets which increases chance of accidental exposure if run automatically or without care.

✓

Install Mechanism

Instruction-only skill with no install spec and no code to run on install. That minimizes supply-chain risk. (Note: runtime requires CLI tools that should be present but were not declared in the metadata.)

Credentials

The skill declares no required environment variables or config paths, yet it instructs accessing multiple files under ~/.openclaw (openclaw.json, agents/*/agent/auth-profiles.json) and reading API keys. Requiring or reading local stored API keys and account secrets is plausible for this task, but the metadata should explicitly declare these privileged file accesses so users can make an informed decision.

✓

Persistence & Privilege

Skill is not always-enabled and does not request persistent platform privileges. The actions are limited to editing OpenClaw configuration and restarting gateway components via the OpenClaw CLI — appropriate for a configuration helper and not indicative of privileged persistence beyond normal config changes.

What to consider before installing

This skill appears to do what it says (set up Feishu multi-account routing), but it omits telling you that it expects the openclaw CLI and common tools (jq, ripgrep/rg, jq, mkdir, cp) and that it will read and copy values from files under ~/.openclaw (including auth-profiles.json which contains API keys). Before running anything: 1) verify the skill’s origin (homepage/source unknown); 2) run the commands manually in a safe/test environment first rather than allowing automated execution; 3) verify presence of required binaries (openclaw, jq, rg) and run the listed openclaw commands yourself to see exactly what changes will be made; 4) inspect ~/.openclaw/agents/*/agent/auth-profiles.json and decide whether you’re comfortable the skill will copy those keys into agent config (consider creating limited-scope keys or rotating keys afterward); 5) back up ~/.openclaw/openclaw.json and any agent directories before applying changes; and 6) avoid pasting or logging extracted keys — follow the SKILL.md caution to not echo secrets. If you need higher assurance, ask the publisher for explicit metadata (required binaries and config paths) or for a signed/verified source before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978nwtjes4c4tvrytgeacqxmx829qwa

357downloads

0stars

2versions

Updated 7h ago

v1.0.1

MIT-0

Openclaw Feishu Multi Agent Setup

Overview

Set up and verify that each Feishu account is routed to the intended OpenClaw agent with isolated workspace and prompt files. Apply deterministic checks so routing, persona, and channel health are provable from logs. Also ensure each new agent has a valid MEMORY.md and working memory embeddings.

Required Inputs

Target agent ids (example: main, assistant)
Target workspace paths (example: ~/.openclaw/workspace, ~/.openclaw/workspace-assistant)
Feishu account ids (example: default, backup)
App credentials per account (appId, appSecret)
Memory embedding plan per agent (auto or explicit provider/endpoint)

Workflow

1. Inspect current state first

Run:

openclaw agents list --bindings
openclaw agents bindings --json
openclaw config get channels.feishu

Detect these issues before changing anything:

backup/default both mapped to same agent
missing agent in agents.list
missing account in channels.feishu.accounts
duplicated agentDir across agents

2. Back up config before edits

cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak.$(date +%Y%m%d-%H%M%S)

3. Ensure agents are isolated

Prefer non-interactive creation when adding a new agent:

openclaw agents add assistant \
  --non-interactive \
  --workspace ~/.openclaw/workspace-assistant \
  --model minimax-portal/MiniMax-M2.5

Ensure agents.list[] has unique workspace and agentDir per agent.

4. Bootstrap required workspace files for new agents

For every new non-main agent workspace, verify these files exist and are customized:

AGENTS.md
SOUL.md
IDENTITY.md
USER.md
TOOLS.md
MEMORY.md (or memory.md)

Why this is mandatory:

MEMORY.md is injected into system prompt when present.
Without agent-specific MEMORY bootstrap, global long-term context will be missing from prompt.

Also create daily memory directory (used by memory indexing):

mkdir -p ~/.openclaw/workspace-assistant/memory

5. Configure Feishu multi-account block

Ensure this shape exists in ~/.openclaw/openclaw.json:

{
  "channels": {
    "feishu": {
      "enabled": true,
      "defaultAccount": "default",
      "accounts": {
        "default": { "appId": "cli_xxx", "appSecret": "xxx", "enabled": true },
        "backup": { "appId": "cli_yyy", "appSecret": "yyy", "enabled": true }
      }
    }
  }
}

Never echo secrets back to users in plaintext.

6. Bind account to agent deterministically

Use one binding per account:

{
  "bindings": [
    { "agentId": "main", "match": { "channel": "feishu", "accountId": "default" } },
    { "agentId": "assistant", "match": { "channel": "feishu", "accountId": "backup" } }
  ]
}

Or use CLI for simple cases:

openclaw agents bind --agent main --bind feishu:default
openclaw agents bind --agent assistant --bind feishu:backup

7. Ensure prompts are truly different

Update the non-main workspace files so system prompts diverge:

AGENTS.md
SOUL.md
IDENTITY.md
USER.md

Remove stale bootstrap template when persona setup is complete:

BOOTSTRAP.md

8. Harden memory embeddings per new agent

Probe memory first:

openclaw memory status --agent assistant --deep --json

If provider is none, embeddingProbe.ok=false, or logs show provider errors, pin a working provider explicitly.

Example: route memory embeddings through OpenRouter OpenAI-compatible endpoint for work-agent:

AGENT_ID="work-agent"
IDX=$(openclaw agents list --bindings --json | jq -r --arg id "$AGENT_ID" 'to_entries[] | select(.value.id==$id) | .key')
KEY=$(jq -r '.profiles["openrouter:default"].key' ~/.openclaw/agents/$AGENT_ID/agent/auth-profiles.json)

openclaw config set "agents.list[$IDX].memorySearch.provider" '"openai"' --strict-json
openclaw config set "agents.list[$IDX].memorySearch.model" '"text-embedding-3-small"' --strict-json
openclaw config set "agents.list[$IDX].memorySearch.remote.baseUrl" '"https://openrouter.ai/api/v1"' --strict-json
openclaw config set "agents.list[$IDX].memorySearch.remote.apiKey" "\"$KEY\"" --strict-json
openclaw config set "agents.list[$IDX].memorySearch.fallback" '"none"' --strict-json

Then force index once:

openclaw memory index --agent work-agent --force --verbose
openclaw memory status --agent work-agent --deep --json

Expect:

provider is not none
embeddingProbe.ok=true
files/chunks increase after indexing

9. Validate and restart

openclaw config validate
openclaw gateway restart
openclaw gateway status
openclaw channels status --probe

10. Prove routing with log evidence

Ask user to send route-check to each bot. Then inspect logs:

openclaw channels logs --lines 300 | rg "feishu\\[(default|backup)\\].*dispatching to agent"

Expect:

feishu[default] -> session=agent:main:...
feishu[backup] -> session=agent:assistant:...

11. Approve pairing with explicit account

Always approve Feishu pairing with account scope in multi-account setups:

openclaw pairing list feishu --json
openclaw pairing approve feishu <code> --account <accountId> --notify

This prevents approving the same sender into the wrong account allowlist.

12. Handle common Feishu errors

open_id cross app:

Cause: target open_id belongs to a different app account.
Fix: send via matching --account, keep allowFrom scoped per account.
Queue cleanup: archive stale cross-app deliveries in ~/.openclaw/delivery-queue/ before restart if they keep retrying.

gemini embeddings failed: ... User location is not supported:

Cause: memory embedding provider resolves to Gemini in unsupported region.
Fix: set per-agent memorySearch.provider to a supported provider/endpoint (example above).

providerUnavailableReason / provider=none in openclaw memory status --deep:

Cause: no usable memory embedding credentials for that agent.
Fix: configure agent-specific memorySearch provider + key, then run openclaw memory index --agent <id> --force.

99991672 contact scope warning:

Platform fix: grant one contact read scope in Feishu app.
Config fallback: set channels.feishu.resolveSenderNames=false.

cardkit:card:write streaming error:

Platform fix: grant cardkit:card:write.
Config fallback: set channels.feishu.streaming=false and channels.feishu.blockStreaming=false.

Output Contract

When finishing, report:

What changed (files + key fields).
Validation outputs (config validate, gateway status, channels status --probe).
Routing evidence lines for both accounts.
Memory evidence (memory status --agent <id> --deep, index result, provider/embedding probe state).
Any residual warnings and whether they are blocking.

Comments

Loading comments...